Computer Laboratory

Cambridge Cybercrime Centre: Third Annual Cybercrime Conference, 12 July 2018

The Cambridge Cybercrime Centre organised its third one day conference on cybercrime on Thursday, 12th July 2018.

For details of the 2016 event see here.

For details of the 2017 event see here.

In future years we intend to focus on research that has been carried out using datasets provided by the Cybercrime Centre, but for this year we have once again organised a stellar group of invited speakers who are at the forefront of their fields. They will present various aspects of cybercrime from the point of view of criminology, law, security economics and policing.

The one day event, was held in the Faculty of Law, University of Cambridge and followed immediately after the "Eleventh International Conference on Evidence Based Policing" organised by the Institute of Criminology which ran on the 10th and 11th July 2018.


09:00 Registration

09:30 Cryptocurrency Crime, Trends, Techniques and How to Launder the Money

Dave Jevans CipherTrace

Abstract: The first half of 2018 has seen a three-fold increase in cryptocurrency crime and theft over the whole of 2017.  This talk will discuss the overall state of cryptocurrency crime, what is driving these trends, who is being targeted and how the money is being laundered.  This talk will examine attacks on exchanges, individuals, ICOs, investors, hardware and online cryptocurrency wallets.  Several case studies will be presented of cutting edge cryptocurrency malware and related attacks.  We will also provide a brief summary of the legal and regulatory environment globally that is attempting to put together a framework whereby cryptocurrencies and crypto assets can be more safely used and traded.

10:00 Movie Pirates of the Caribbean: Exploring Illegal Streaming Cyberlockers

Gareth Tyson Queen Mary University of London

Abstract: Online video piracy (OVP) is a contentious topic, with strong proponents on both sides of the argument. Recently, a number of websites, called streaming cyberlockers, have begun to dominate OVP. These websites specialise in distributing pirated content, underpinned by third party indexing services offering easy-to-access directories of content. The talk will present empirical measurements of OVP in-the-wild, exploring the types of content shared, as well the streaming cyberlockers' individual attributes. It will also discuss the actions of copyright enforcers to highlight their strategies and the responses by the cyberlockers.

10:30 Coffee break

11:00 Cyber-offenders versus traditional offenders: an empirical comparison and implications for prevention

Marleen Weulen Kranenbarg Vrije Universiteit (VU) Amsterdam

Abstract: Until recently, the focus was solely on technical prevention of cybercrime victimization. Prevention on the human factor side was almost completely absent. In recent years we have seen a rise in the number of ways in which prevention is now also targeting the users of IT-systems. This mainly focuses on the victims, but from a criminological standpoint it is very important to also target offenders. The offenders are the source of the problem and if we can find ways to direct them into the ethical instead of the criminal path, this could have a big impact on cybercrime.

This presentation will first discuss the outcomes of a finished PhD project entitled ‘Cyber-offenders versus traditional offenders: an empirical comparison’. In this project a Dutch sample of cyber-offenders were compared to a sample of traditional offenders on four topics that are important in criminology in explaining and understanding offending. First, based on longitudinal data it examined at what moment in a person’s life, a person is more likely to commit a cybercrime versus a traditional crime. Secondly, it examined what the personal and situational risk factors for both offending and victimization are for cybercrime and traditional crime. Third, by looking at the social environment of people, it examined to what extent people in this social environment show similar cybercriminal behavior and attitudes and if that is similar to traditional criminal behavior in social networks. Lastly, the focus was on motives for offending and how these are different between different types of cyber-offenses and traditional offenses.

After discussing the results of this project, this presentation will focus on the implications of these results for prevention of cybercrime. A few different types of prevention will be discussed, but the main focus will be on Coordinated Vulnerability Disclosure and how, from a criminological standpoint, this may or may not prevent exploitation of vulnerabilities.

11:30 Ethical issues in research using datasets of illicit origin

Daniel R. Thomas Cambridge Cybercrime Centre

Abstract: We evaluate the use of data obtained by illicit means against a broad set of ethical and legal issues. Our analysis covers both the direct collection, and secondary uses of, data obtained via illicit means such as exploiting a vulnerability, or unauthorized disclosure. We extract ethical principles from existing advice and guidance and analyse how they have been applied within more than 20 recent peer reviewed papers that deal with illicitly obtained datasets. We find that existing advice and guidance does not address all of the problems that researchers have faced and explain how the papers tackle ethical issues inconsistently, and sometimes not at all. Our analysis reveals not only a lack of application of safeguards but also that legitimate ethical justifications for research are being overlooked. In many cases positive benefits, as well as potential harms, remain entirely unidentified. Few papers record explicit Research Ethics Board (REB) approval for the activity that is described and the justifications given for exemption suggest deficiencies in the REB process.

12:00 Behind the curtain: the illicit trade of firearms, explosives and ammunition on the dark web

Giacomo Persi Paoli Defence, Security and Infrastructure Group, RAND Europe

Abstract: The potential role of the dark web in facilitating trade in firearms, ammunition and explosives has gained increased public attention following recent terrorist attacks in Europe. However, the hidden and obscure parts of the web are used also by criminals and other types of individuals to procure or sell a wide range of weapons and associated products through cryptomarkets and vendor shops. The overall aim of the study was to estimate the size and scope of the trade in firearms and related products on cryptomarkets, including the number of dark web markets listing firearms and related products and services for sale, and the range and type of firearms and related products advertised and sold on cryptomarkets. This presentation also contrasts RAND’s work on firearms with our earlier work on the online drug trade.

12:30 Lunch

13:30 Breaking the cybercrime chain

David S. Wall Centre for Criminal Justice Studies, School of Law, Leeds

Abstract: In this talk I will overview findings from three ongoing research projects (CRITiCal - Cloud CyberCrime; EMPHASIS - Ransomware; and TAKEDOWN - Organised Crime and Terror Networks) to explore 'the cybercrime chain'. This is a new way of thinking about cybercrime and cybersecurity which seeks to differentiate between upstream and downstream cybercrimes and explore their relationships and differences. In so doing, the analysis will inform policy to assist in directing policing resources more accurately for prevention (Protect), mitigation (Prepare), enforcement of law (Pursue) and prevent offending behaviour from escalating (Prevent).

14:00 DDoS attacks yesterday, today, and tomorrow

Jair Santanna University of Twente

Abstract: In this presentation Jair will discuss the history of Distributed Denial of Service (DDoS) attacks, focusing on the step-by-step practical investigation of Booter Websites (at He will conclude his presentation by giving a hands-on on the earliest outcomes of his current project DDoSDB ( for sharing attack information with the security and academic communities.

14:30 Coffee break

15:00 Profiling the cybercriminal

Maria Bada Global Cyber Security Capacity Centre, University of Oxford

Abstract: The purpose of the presentation is to reflect on the theoretical background and different models of inductive and deductive criminal profiling as well as the influence tactics used by cybercriminals in order to create trust (social engineering). I will focus on the motivations of cybercriminals, their characteristics, and types of cybercrimes certain attackers may be likely to engage in, based on case scenarios. This presentation is grounded in an analysis and synthesis of a variety of sources, including research articles, industry-based reports and anecdotal evidence. The ultimate aim is to use such insight to decode the cybercriminal mind-set, and gain a better understanding of the psychological, criminological, and sociological aspects of cybercriminal profiles.

15:30 Data science approaches to understanding key actors on online hacking forums

Sergio Pastrana Cambridge Cybercrime Centre

Andrew Caines Faculty of Modern and Medieval Languages, Cambridge

Abstract: Underground forums contain many thousands of active users, but the vast majority will be involved, at most, in minor levels of deviance. The number who become engaged in serious criminal activity is small. That being said, underground forums have played a significant role in several recent high-profile cybercrime activities. We have compiled a massive dataset, dubbed CrimeBB, by crawling and scraping an assortment of online forums. The dataset presents a unique opportunity to understand these communities at scale, and allows for longitudinal social data analysis. Manual analysis is infeasible, and the complexity of these forums, and the unique lexicon used, makes automatic analysis challenging. In this talk we will describe the data collection and present preliminary results obtained in the scope of an interdisciplinary project, where we apply various data science methods to analyse the data. Concretely we apply social network analysis to analyse their social interests, natural language processing to classify the type of information posted and clustering to group the actors based on forum activity.

16:30 The Cambridge Cybercrime Centre

Richard Clayton Cambridge Cybercrime Centre

Slides in PDF format

Abstract: This talk briefly discusses our legal framework for sharing cybercrime data with other academic researchers and give some examples of the type of data we have and what it is being used for.

16:45 Social event: Strawberries & Pimms

...back to main page